- Description
- Hermes versions up to 0.4.0 improperly validated the JWT provided when using the AWS ALB authentication mode, potentially allowing for authentication bypass. This vulnerability, CVE-2025-1293, was fixed in Hermes 0.5.0.
- Source
- security@hashicorp.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.2
- Impact score
- 4.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
- Severity
- HIGH
- security@hashicorp.com
- CWE-1390
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
🚨 CVE-2025-1293 🔴 HIGH (8.2) 🏢 HashiCorp - Tooling 🏗️ 0 🔗 https://t.co/9mYaRBkoDZ #CyberCron #VulnAlert @HashiCorp https://t.co/5weIIVx635
@cybercronai
20 Feb 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Recently, our research team found CVE-2025-1293: A critical security finding in HashiCorp's Hermes doc management system. https://t.co/JAo9u9FfSI
@liadeliyahu
20 Feb 2025
417 Impressions
2 Retweets
8 Likes
0 Bookmarks
1 Reply
1 Quote